I am going through a project at home to centralise my ESXi and Windows Event Logs using Splunk and Snare, and part of that process was going through my Event Logs to try and fix any niggling issues.

Going through my vCenter event logs, I discovered some errors in the ADWS logs, did a Google search for them, and came across a post from Gregg Robertson over on his site that resolved the issue.

My ADWS logs were filled with these events occurring every minute.

I should point out that the issue at hand doesn’t actually affect me; in fact, the only people it would affect would be those running Linked Mode vCenter servers (which require SSL port 636 to communicate between the linked servers). So whilst I could have just left the configuration as it was, I didn’t, because this would have filled up my Splunk DB unnecessarily.

To fix the issue at hand, you have to delete the Port SSL REG_SZ setting and create a Port SSL REG_DWORD entry instead. When you create the new DWORD entry, it’s important that you set the value to 636 (the entry has to be in Decimal rather than the default of Hex, so make sure you change the base type).

Alternatively you could just create a small Registry File like the one below and run that to make the changes.

Please note that the - after the first Port SSL line removes that entry and that the value in the second line is the Hexadecimal equivalent of Decimal 636.

Once you make the changes you will notice the Event Logs look a lot better.
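The same change can be scripted with a type check before and after. This is an added example, not from the original post or from Gregg Robertson's article; the function name `Set-PortSslDword` is hypothetical, and the key path is a placeholder that must be replaced with the key holding the Port SSL value on your server.

```powershell
# Added example. Run from an elevated PowerShell session (the key is under HKLM).
function Set-PortSslDword {
    param(
        [Parameter(Mandatory)] [string] $KeyPath,   # key that contains "Port SSL"
        [string] $ValueName = 'Port SSL',
        [int]    $Port      = 636                   # decimal 636 = hex 0x27C
    )

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction Stop

    if ($key.GetValueNames() -contains $ValueName) {
        $kind = $key.GetValueKind($ValueName)
        $old  = $key.GetValue($ValueName)
        Write-Host "Before: '$ValueName' type=$kind value=$old"

        # Nothing to do if the entry is already a DWORD holding the right port.
        if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $old -eq $Port) {
            Write-Host 'Already REG_DWORD with the expected value; no change made.'
            return
        }

        # Delete the existing (REG_SZ) entry, as described in the post.
        Remove-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction Stop
    }

    # Recreate the entry as REG_DWORD. -Value takes a number, so there is
    # no decimal/hex base to get wrong as there is in the regedit dialog.
    New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
        -PropertyType DWord -Value $Port -ErrorAction Stop | Out-Null

    # Re-read the key and confirm both the type and the value.
    $key     = Get-Item -LiteralPath $KeyPath
    $newKind = $key.GetValueKind($ValueName)
    $newVal  = $key.GetValue($ValueName)
    if ($newKind -ne [Microsoft.Win32.RegistryValueKind]::DWord -or $newVal -ne $Port) {
        throw "Verification failed: type=$newKind value=$newVal"
    }
    Write-Host ("After:  '{0}' type={1} value={2} (0x{2:X})" -f $ValueName, $newKind, $newVal)
}

# Placeholder path: substitute the real key before running.
Set-PortSslDword -KeyPath 'HKLM:\<PLACEHOLDER-key-containing-Port-SSL>'
```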